How does an SSL/TLS Certificate work?

A quick glance behind the curtain at how SSL/TLS encryption works

It takes just milliseconds for an encrypted connection to be negotiated...

1. When a web browser visits a website, it first checks whether there is an SSL/TLS certificate associated with it. Provided there is, the two begin what is referred to as the SSL handshake.

2. During the SSL handshake, the browser checks the validity of the SSL certificate and makes sure that the website is properly authenticated.

3. All SSL certificates have an associated public key and private key. These keys separately handle encryption and decryption, and they are used during the SSL handshake to communicate securely.

4. After the client confirms the certificate is valid, the client and the website's server create a "session key," which is a third key that is used for the remainder of the secure connection. This is a "symmetric" key; symmetric encryption is a more efficient form of encryption, which makes communication over SSL faster.

5. At the end of the handshake, which typically takes a few hundred milliseconds, a secure connection is established and the client and server can then communicate safely across the internet, no matter where they are.
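The steps above can be observed from the client side with Python's standard `ssl` module. This is an added example, not code from the original page: the function names (`client_context`, `summarize`, `inspect_site`) are hypothetical, and the sample certificate for `shop.example` is constructed so the summary logic runs without a network connection.

```python
import socket
import ssl
from datetime import datetime, timezone

def client_context() -> ssl.SSLContext:
    """Client settings that enforce step 2: chain validation and hostname match."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED, check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse legacy SSL/TLS versions
    return ctx

def summarize(cert: dict, version: str, cipher: tuple, now: float) -> dict:
    """Condense a validated certificate and the negotiated session into a report."""
    subject = dict(rdn[0] for rdn in cert.get("subject", ()))
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    return {
        "common_name": subject.get("commonName"),
        "dns_names": names,
        "days_left": int((expires - now) // 86400),
        "protocol": version,
        "session_cipher": cipher[0],  # symmetric cipher protecting the session (step 4)
    }

def inspect_site(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Run a real handshake; raises ssl.SSLCertVerificationError on an invalid certificate."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with client_context().wrap_socket(raw, server_hostname=host) as tls:
            now = datetime.now(timezone.utc).timestamp()
            return summarize(tls.getpeercert(), tls.version(), tls.cipher(), now)

# Constructed sample in the shape returned by SSLSocket.getpeercert()
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example"),),),
    "subjectAltName": (("DNS", "shop.example"), ("DNS", "www.shop.example")),
    "notAfter": "Jan  5 09:34:43 2018 GMT",
}
SAMPLE_CIPHER = ("TLS_AES_256_GCM_SHA384", "TLSv1.3", 256)  # constructed
SAMPLE_NOW = 1515144883 - 30 * 86400  # constructed: 30 days before notAfter

if __name__ == "__main__":
    print(summarize(SAMPLE_CERT, "TLSv1.3", SAMPLE_CIPHER, SAMPLE_NOW))
```

Calling `inspect_site` with a hostname you operate performs the live handshake and returns the same report for the real certificate.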

Something to Remember...

While encrypted communication is taking place, it is nearly impossible for third parties to decrypt the information being sent back and forth. This is why it's crucial that e-commerce websites and other sites that collect personal information utilize SSL/TLS. In an unencrypted connection, all of the communication between a client and a server is left out in the open, available for all to see. Encrypted connections essentially scramble the communication until it is decrypted by the other party, which holds the same session key.